Interesting how they will allow a mechanical device to be rigged up (fire hazard etc.?) but not a simple one paragraph script from a lightweight macro such as AutoIt to be installed..

Yeah. I guess.

Hopefully it's not a fire hazard.

 

Yeah. I guess.

Hopefully it's not a fire hazard.

Does your username on the system have full permissions? I'm just trying to understand why they would allow one evil but not the other..

 

Does your username on the system have full permissions? I'm just trying to understand why they would allow one evil but not the other..

If there are good infosec practices there they won’t permit unvetted software to be installed on enterprise systems. If they do allow it they have to vet it, and commit to security related updates and version maintenance.

it seems simple to just install a piece of software but properly supported software requires a lot of work beyond the installation and using it.

Hardware is a different thing since it doesn’t execute programs but my suggestion might be denied because in theory it could do bad things.

 

If there are good infosec practices there they won’t permit unvetted software to be installed on enterprise systems. If they do allow it they have to vet it, and commit to security related updates and version maintenance.

it seems simple to just install a piece of software but properly supported software requires a lot of work beyond the installation and using it.

Hardware is a different thing since it doesn’t execute programs but my suggestion might be denied because in theory it could do bad things.

I get the feeling TS isn't allowed to do either option. I made my comment because it seems a hardware solution would require just as much scrutiny as a software solution. Since one solution could steal information while the other could burn the office down, I would think they are in the sameish boat.

 

I get the feeling TS isn't allowed to do either option. I made my comment because it seems a hardware solution would require just as much scrutiny as a software solution. Since one solution could steal information while the other could burn the office down, I would think they are in the sameish boat.

The infosec people don’t have a fire prevention role. I am not being flippant, they aren’t going to consider things from that perspective. Even if they did, low voltage circuits aren’t likely to raise red flags.

 

The infosec people don’t have a fire prevention role. I am not being flippant, they aren’t going to consider things from that perspective. Even if they did, low voltage circuits aren’t likely to raise red flags.

I was thinking more along the lines of side channel attacks, perhaps this is what you were referring to with "bad things"? Anyway I'll leave it there.